This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Np-SgsMbvNtUeV1Q78-Ul_LgtAI.roa
File:                     Np-SgsMbvNtUeV1Q78-Ul_LgtAI.roa (raw, json)
Hash identifier:          FpZOxRp9m2d8Wj5Wy6a90uOf4hQ5Liav+WcFTy+XdBk=
Subject key identifier:   36:9F:92:82:C3:1B:BC:DB:54:79:5D:50:EF:CF:94:97:F2:E0:B4:02
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       019B7F15CF2A084794172F81818158809156
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Np-SgsMbvNtUeV1Q78-Ul_LgtAI.roa
Signing time:             Fri 02 Jan 2026 14:21:34 +0000
ROA not before:           Fri 02 Jan 2026 14:21:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206361
IP address blocks:        2a09:ff00:300::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:cf:2a:08:47:94:17:2f:81:81:81:58:80:91:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  2 14:21:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=369f9282c31bbcdb54795d50efcf9497f2e0b402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:51:31:d2:db:b4:02:3c:1a:94:c6:3c:f2:be:
                    a2:fd:4b:17:0c:9b:32:91:d7:b9:0e:ab:ea:b2:78:
                    22:5c:74:82:bd:9b:0e:23:1b:8d:50:3f:fc:0f:19:
                    87:3d:4a:4d:3b:0c:32:47:db:e3:42:ad:0e:70:7f:
                    52:fd:87:e8:83:04:d3:10:a8:4c:35:26:c0:9b:a0:
                    14:3a:2d:98:54:a0:e8:db:86:7c:e4:66:a3:93:f6:
                    98:e0:f5:5f:bc:6c:8f:b0:cd:4c:aa:bc:1f:38:14:
                    40:7c:fe:e5:cd:83:04:93:05:c7:e8:1a:cb:04:ad:
                    cb:4c:64:76:95:14:ec:65:ef:2a:61:40:9d:a7:38:
                    33:d9:53:1e:71:74:2a:da:b3:ed:eb:cf:97:df:a4:
                    37:30:fc:88:9e:71:f5:96:78:cc:4e:a0:84:9c:1c:
                    f2:83:24:7e:de:5f:5e:27:53:d8:a8:4b:cc:d8:52:
                    d5:56:93:98:fd:03:a2:73:d3:1a:03:51:df:b5:d0:
                    4a:9c:53:77:6d:f8:13:64:56:27:0d:09:1e:09:d0:
                    c0:3f:08:d1:78:45:a5:7e:b0:83:62:74:ba:b9:46:
                    87:d0:7f:e4:45:95:63:f2:2e:a0:e1:d9:73:45:d1:
                    57:d8:7d:96:69:bb:47:fe:c1:01:85:3b:02:b0:50:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9F:92:82:C3:1B:BC:DB:54:79:5D:50:EF:CF:94:97:F2:E0:B4:02
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/Np-SgsMbvNtUeV1Q78-Ul_LgtAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         8f:97:9a:ec:da:6b:0a:6d:f7:25:44:96:99:5c:27:9c:7a:8e:
         01:30:dd:fa:b6:df:b7:dc:e3:5e:f0:d8:51:b8:63:fc:93:4d:
         2c:7c:a7:85:74:d2:f5:6f:ba:f2:4f:66:c8:8f:26:65:88:c2:
         64:f4:b4:f9:6e:9d:c9:a2:09:2e:5e:60:55:f0:82:1a:33:6d:
         ad:0e:6b:64:4e:79:ac:ae:57:9b:0c:b9:51:38:f6:c0:0a:96:
         1e:50:d0:49:17:41:ac:2c:cd:f6:6a:70:f2:40:fd:c6:14:47:
         16:51:f9:cb:78:f3:17:ad:30:41:39:e7:af:de:66:ee:29:a5:
         1c:04:bb:b2:3d:51:64:76:4d:93:ec:51:23:e5:e9:a7:ce:db:
         79:99:36:35:33:33:1a:6f:c2:75:88:2d:27:98:cc:25:f8:20:
         9e:e9:f1:65:79:f2:9f:a9:92:58:74:ce:12:de:0e:19:83:84:
         a4:88:6b:6e:b5:5e:5b:29:8f:70:3d:29:af:bb:81:f1:28:39:
         59:7c:24:60:1c:b4:33:86:0d:97:48:aa:9a:5c:8c:11:95:2d:
         24:61:9f:dd:d3:2a:ca:47:0e:a7:8c:d1:8e:28:04:84:e2:7c:
         fd:7b:53:d8:6d:54:0f:df:55:76:e4:a5:71:f1:e3:84:11:76:
         d0:f2:01:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/Fc8qCEeUFy+BgYFYgJFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjYwMTAyMTQyMTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjlmOTI4MmMzMWJiY2RiNTQ3OTVkNTBlZmNmOTQ5N2YyZTBiNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+lEx0tu0AjwalMY88r6i/UsXDJsy
kde5DqvqsngiXHSCvZsOIxuNUD/8DxmHPUpNOwwyR9vjQq0OcH9S/YfogwTTEKhM
NSbAm6AUOi2YVKDo24Z85Gajk/aY4PVfvGyPsM1MqrwfOBRAfP7lzYMEkwXH6BrL
BK3LTGR2lRTsZe8qYUCdpzgz2VMecXQq2rPt68+X36Q3MPyInnH1lnjMTqCEnBzy
gyR+3l9eJ1PYqEvM2FLVVpOY/QOic9MaA1HftdBKnFN3bfgTZFYnDQkeCdDAPwjR
eEWlfrCDYnS6uUaH0H/kRZVj8i6g4dlzRdFX2H2WabtH/sEBhTsCsFDoLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDafkoLDG7zbVHldUO/PlJfy4LQCMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvTnAtU2dzTWJ2TnRVZVYxUTc4LVVsX0xndEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgn/AAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCPl5rs2msKbfclRJaZXCeceo4BMN36tt+33ONe
8NhRuGP8k00sfKeFdNL1b7ryT2bIjyZliMJk9LT5bp3JogkuXmBV8IIaM22tDmtk
TnmsrlebDLlROPbACpYeUNBJF0GsLM32anDyQP3GFEcWUfnLePMXrTBBOeev3mbu
KaUcBLuyPVFkdk2T7FEj5emnztt5mTY1MzMab8J1iC0nmMwl+CCe6fFlefKfqZJY
dM4S3g4Zg4SkiGtutV5bKY9wPSmvu4HxKDlZfCRgHLQzhg2XSKqaXIwRlS0kYZ/d
0yrKRw6njNGOKASE4nz9e1PYbVQP31V25KVx8eOEEXbQ8gHM
-----END CERTIFICATE-----